<?php 
//session_start();
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
//if (!isset($usuario) || !isset($contrasena)) { 
//header( "Location: ./index.php" ); 
//} 
//check that the form fields are not empty.
if (isset($_POST['submit']))
{
/*
	if ((!isset($usuario)) || (!isset($contrasena)))
	{
	?>
	<script type="text/javascript">alert('Existe un campo vacio: ');</script>

<?php 
}
else
{ 
*/
//convert the field values to simple variables 

//add slashes to the username and md5() the password 

$user = addslashes($_POST['usuario']);
$pass = md5($_POST['contrasena']);
include 'conect.php';
//set the database connection variables 
/*
$dbHost = "localhost";
$dbUser = "root"; 
$dbPass = "root"; 
$dbDatabase = "piaimu"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); */
$result=mysql_query("select * from usuario where email_usr='$user' AND clave_usr='$pass'", $connection); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){ 
     while($row = mysql_fetch_array($result)){ 

     //Empieza la sesion y registramos las variables
     $_SESSION['id_usuario']=$row[0];
	 $_SESSION['usuario']=$row[3]; //almacenamos en la variable de sesion 'usuario' el nombre del usuario
     $_SESSION['tipousuario']=$row[8]; //almacenamos en la variable de sesion 'tipousuario' el privilegio del usuario
     //echo $_SESSION['id_usuario'];
     } 

 } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 
  ?><script type="text/javascript">alert('Datos Invalidos');</script><?php
  } 
//} 
}?> 
